__/ [ Mark Kent ] on Monday 15 May 2006 08:30 \__
> begin oe_protect.scr
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>> __/ [ John Bailo ] on Monday 15 May 2006 03:04 \__
>>
>>> Roy Culley wrote:
>>>
>>>> I surf the web as most PC users do. I never worry about what sites I
>>>> visit. Yet security advisory after security advisory for Windows flaws
>>>> state disable activeX or only visit trusted sites! What the fuck is a
>>>> trusted site?
>>>
>>> Windows security for Internet is designed around "zones" -- so there is
>>> Local Zone, Intranet Zone, Internet Zone. Basically you can assign
>>> levels of trust (low, medium, high) to specific sites.
>>
>>
>> This does not justify the concept. A trusted site should have nothing to
>> do with security. Paternal control is a whole different animal. Content
>> which was properly peer-reviewed (e.g. Wikipedia) is another.
>>
>>
>>>> Take email attachments. I receive them like anyone else. Do they cause
>>>> me harm? No. Even if I choose to save the attachment it isn't going to
>>>> run unless I explicitly allow it.
>>>
>>> But say it's a .vbs (VB script) and you are tricked into clicking on it?
>>>
>>> Or if it is an ActiveX object, which is essentially a Windows application
>>> that you download from a web site -- it can have all sorts of access,
>>> since it/you are running at admin level.
>>
>>
>> This is not a proper excuse. Roy Culley makes a valid and good point.
>> Windows has made the Internet dangerous, at least at the conceptual level.
>> Not only has surfing become dangerous to its user (take Netcraft toolbar
>> as proof), but the whole community suffers. A net citizenship wherein one
>> citizen is allowed to have spam spewed passively (affecting _everyone_) is
>> worrisome, to say the least.
>>
>>
>>>> My question is: why does Windows make using your computer on the
>>>> Internet so dangerous?
>>>
>>> Because the GUI runs at Ring 0. You the user, have ultimate privilege,
>>> and programs can run "as you" and basically run commands as if you were
>>> sitting there and typing them in.
>>
>>
>> This remains inexcusable. The main point is not being addressed.
>
> Except it does address it in a way, in that Microsoft used a completely
> inexcusable design, knowing that it was insecure. They deliberately
> designed it to work this way. Sort of 'virus-ready'.
>
>>
>>
>>>> The answer is: Windows is insecure by design. Bandaid solutions are
>>>> the best they can offer for many exploits.
>>>
>>> Windows was never designed for the Internet. It was designed for
>>> corporate networks and WANs that were insulated with their own firewalls
>>> and other levels of security. There was no design consideration for an
>>> independent node, directly connecting to the Internet. The MS design
>>> model is one of cells within cells of trust and relationships. That is
>>> the NT security model, where an admin of one domain brokers trust between
>>> other domains and individuals (one Microsoft document went so far as to
>>> describe it as the sort of relationships that drug dealers have with
>>> their higher ups and each other! Cutting the product down to the final
>>> end user!)
>>
>>
>> That being the case, Windows should not be distributed for use over the
>> Internet. Firewalls don't cut the deal. If a new O/S gets built from
>> scratch to accommodate for a multi-use, secure model, that will be a
>> different scenario. At present, neither XP nor Vista are ready for the
>> Net. They call it "people-ready" in TV ads, but it is by no means secure
>> or "Net-ready".
>>
>>
>
> I have major issues with Microsoft's own drug-dealer model, though.
> Aside from anything else, drug-dealing is notoriously violent and highly
> insecure...

Windows: the drug deal of O/Sen: giving you a free dose/sample and then
you are hooked (shackled/locked in) for life. Before you know it, you
start with cocaine (Professional Edition) and, later on, heroin (Ultimate
Edition). But it's never not your fault. You couldn't help it because a
necessary-yet-basic feature was 'locked'.

Best wishes,
Roy
--
Roy S. Schestowitz | Vista: Windows XP with bling-bling, nothing else
http://Schestowitz.com | Open Prospects ¦ PGP-Key: 0x74572E8E
9:40am up 17 days 16:37, 8 users, load average: 0.30, 0.58, 0.59
http://iuron.com - knowledge engine, not a search engine